National cyber defense championship is more than just a game

By William Jackson

Apr 11, 2012

Teams from 10 universities around the country will meet in San Antonio this month to compete for bragging rights and job opportunities at the seventh annual National Collegiate Cyber Defense Competition.

The teams are winners from the geek version of March Madness, having taken top honors in 10 regional college-level competitions last month. The event, hosted by the University of Texas at San Antonio, will be held April 20 and 21 as the teams defend networks against red team attacks. Winners will be announced Sunday, April 22.

Last year’s champion, the University of Washington, will be returning to the finals this year, along with the second-place finisher, Texas A&M.

The prizes being offered are modest, said Gregory White, director of the university’s Center for Infrastructure Assurance and Security.

“The big thing is the exposure and the job offers,” White said. “We have people getting very lucrative job offers as a result of the competition.”

The tourney also is intended to help the development of a professional cybersecurity workforce. The competition, which began in 2005 as a regional event in San Antonio, is part of a nationwide effort to identify and develop talent that is increasingly in demand.

“For a number of years, we have been trying to encourage interest in STEM [science, technology, engineering and math] education,” said retired Gen. Harry Raduege, chairman of Deloitte LLP’s Center for Cyber Innovation, sponsor of this year’s event. “This is encouragement and recognition of the skills we need.”

Cybersecurity has been called a major threat to the national economy and security, and manpower has been identified as a primary challenge in a digital environment in which threats and complexity are growing exponentially. In addition to the need to protect private-sector resources, government — including the military — is struggling to protect its own networks and help defend privately owned critical infrastructure.

New operations such as the recently established U.S. Cyber Command are increasing competition for the workers, and a number of universities are responding with new or expanded programs in computer security.

One of the first schools to offer graduate degree programs in cybersecurity was the University of Maryland University College, where Raduege is chairman of the curriculum development team. When the program began in the fall of 2010, there were 5,000 applicants, he said. Today there are 3,500 students in the undergraduate and two master's degree programs.

The national competition is part of an effort not only to provide exposure for university programs, but to help shape them as well. Computer science programs have been criticized for focusing on theory at the expense of hands-on experience and for not emphasizing teamwork, White said.

“Real-world experience is one of the things we wanted to provide” in the competition, he said. “We know of computer science programs that have changed their curricula as a result of the competition.”

The teams can have up to eight members, with no more than two graduate students on a team, although few teams include grad students, White said. They will be introduced to their networks on Friday morning and challenged to keep baseline services up and running while securing vulnerabilities and fending off attacks from a red team of government, academic and industry hackers. For two days they will be scored on their ability maintain services, carry out routine business tasks on the network, and keep the red team out.